Should SOC monitor WAF alerts?
March 28, 2024, 4:38 p.m. | /u/Aleduc_
cybersecurity www.reddit.com
My management has decided that the SOC (me) should monitor WAF alerts in our SIEM (?). I just don't see the point or what can be done:
- either the traffic has been blocked by the WAF, and then no action is required
- or the traffic went through, and if it is illegitimate, that means the WAF needs improvement, so then there is no monitoring action to take
Am I missing something?